Lucene search

K
ibmIBMB98AEADE0230C7DC15A0B6E59DCC56210AECF8E186C4082ED56BAF961B223F93
HistoryNov 30, 2022 - 10:21 a.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

2022-11-3010:21:01
www.ibm.com
16

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.006 Low

EPSS

Percentile

78.5%

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js.

Vulnerability Details

CVEID:CVE-2022-32222
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions. By attempting to read openssl.cnf from /home/iojs/build/ upon startup, an attacker could exploit this vulnerability to create this file and affect the default OpenSSL configuration for other users.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230662 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2022-35255
**DESCRIPTION:**Node.js could provide weaker than expected security, caused by the failure to check the return value after calls are made to EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2022-32212
**DESCRIPTION:**Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly check if an IP address is invalid or not by IsIPAddress. By controlling the victim’s DNS server or spoofing its responses, an attacker could exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230660 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2022-35256
**DESCRIPTION:**Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle header fields that are not terminated with CLRF by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-32214
**DESCRIPTION:**Node.js is vulnerable to HTTP request smuggling, caused by the failure to strictly use the CRLF sequence to delimit HTTP requests by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230658 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-32215
**DESCRIPTION:**Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly handle multi-line Transfer-Encoding headers by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230659 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2022-32223
**DESCRIPTION:**Node.js could allow a local attacker to gain elevated privileges on the system, caused by the DLL search order hijacking of providers.dll. By placing a specially crafted file, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230661 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-32213
**DESCRIPTION:**Node.js is vulnerable to HTTP request smuggling, caused by the failure to correctly parse and validate Transfer-Encoding headers by the llhttp parser in the http module. A remote attacker could send a specially-crafted request to lead to HTTP Request Smuggling (HRS). An attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

**IBM X-Force ID:**237819
**DESCRIPTION:**Node.js moment-timezone module could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability in the grunt-zdownload.js, data-zdump.js, and data-zic.js scripts. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/237819 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Watson Discovery 4.0.0-4.5.3

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.6.0

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwatson_queryMatch4.0.0
OR
ibmwatson_queryMatch4.5.3

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.006 Low

EPSS

Percentile

78.5%